4 Commits

Author SHA1 Message Date
javalsai 97fbec56b1 nixos/services: add gitea server
Check / Nix flake (push) Failing after 9s
Lint / Nix expressions (push) Failing after 11s
2026-05-03 13:38:03 -04:00
javalsai 7ff5fb0da2 nixos/services: add nginx base configuration 2026-05-03 13:38:03 -04:00
javalsai b6e8297085 nixos/networking: add own fqdn to extraHosts 2026-05-03 13:38:03 -04:00
javalsai 8864af1ddf nixos/hosts: add tuxcord-vm host configuration 2026-05-03 13:37:25 -04:00
7 changed files with 94 additions and 1 deletions
+17
@@ -4,6 +4,7 @@
lib, lib,
pkgs, pkgs,
self, self,
config,
... ...
}: }:
let let
@@ -93,6 +94,22 @@ in
networkmanager.enable = true; networkmanager.enable = true;
firewall.enable = true; firewall.enable = true;
extraHosts =
let
subdomains = [ "" ".git" ];
in
builtins.foldl' (
hosts-acc: domain-prefix:
let
host = "${domain-prefix}${config.networking.fqdn}";
in
hosts-acc
+ ''
127.0.0.1 ${host}
::1 ${host}
''
) "" subdomains;
}; };
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
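Review bot: The second entry of `subdomains` is `".git"`, and `host` is built as `"${domain-prefix}${config.networking.fqdn}"`, so the generated hosts line names `.gittuxcord.net` (for the `tuxcord.net` host) rather than `git.tuxcord.net`, which is the name the nginx vhost in this series uses (`git.${fqdn}`). Move the dot to the end of the prefix: `subdomains = [ "" "git." ];`. A one-line comment such as `# resolve our own public names to loopback so local clients reach nginx directly` would explain why the host's own names are pinned to 127.0.0.1/::1. The enclosing `networking` attrset starts outside the hunk.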
+2
@@ -31,5 +31,7 @@ in
{ {
flake.nixosConfigurations = { flake.nixosConfigurations = {
tuxcord-ca = mkSystem "tuxcord-ca" "x86_64-linux"; tuxcord-ca = mkSystem "tuxcord-ca" "x86_64-linux";
tuxcord-test = mkSystem "tuxcord-test" "x86_64-linux";
}; };
} }
+1
@@ -4,5 +4,6 @@
./storage.nix ./storage.nix
]; ];
networking.fqdn = "tuxcord.net";
time.timeZone = "Canada/Eastern"; time.timeZone = "Canada/Eastern";
} }
+3
@@ -0,0 +1,3 @@
{
networking.fqdn = "tuxcord.test";
}
+3 -1
@@ -1,9 +1,11 @@
{ {
imports = [ imports = [
./fail2ban.nix ./fail2ban.nix
./sysctl.nix ./gitea.nix
./host.nix ./host.nix
./nginx.nix
./snapper.nix ./snapper.nix
./substituters.nix ./substituters.nix
./sysctl.nix
]; ];
} }
+27
@@ -0,0 +1,27 @@
{ config, lib, ... }:
{
services.gitea = {
enable = true;
appName = "Tuxcord's Gitea";
database.type = "mysql";
lfs.enable = true;
settings.server.DOMAIN = config.networking.fqdn;
# settings.server.ROOT_URL = "https://git.tuxcord.net/"; ? would also depend on ssl status
settings.server.HTTP_PORT = 3000;
settings.service.DISABLE_REGISTRATION = true;
settings.service.REQUIRE_SIGNIN_VIEW = false;
settings.repository.ENABLE_PUSH_CREATE_USER = true;
settings.repository.ENABLE_PUSH_CREATE_ORG = true;
settings.repository.DEFAULT_BRANCH = "main";
# settings.ui.DEFAULT_THEME = "...";
# TODO: once we have email setup this would be nice
settings.mailer.ENABLED = true;
};
}
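Review bot: `settings.server.DOMAIN` is set to the bare `config.networking.fqdn`, while the nginx vhost added in this series serves Gitea on `git.${fqdn}`; with `ROOT_URL` left commented out, generated links and clone URLs will presumably be derived from the wrong host and from port 3000. Consider `settings.server.DOMAIN = "git.${config.networking.fqdn}";` and setting `ROOT_URL` explicitly once the TLS decision is made. Only nginx on 127.0.0.1 needs to reach the backend, so `settings.server.HTTP_ADDR = "127.0.0.1";` would keep port 3000 off other interfaces even if the firewall rules change later. `settings.mailer.ENABLED = true;` contradicts the TODO directly above it and should stay `false` until mail is actually configured. The `lib` argument is unused.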
+41
@@ -0,0 +1,41 @@
{ config, lib, ... }:
let
inherit (config.networking) fqdn;
mkVhost =
attrs:
{
forceSSL = false; # TODO: tweak per host
}
// attrs;
mkProxy = port: {
proxyPass = "http://127.0.0.1:${toString port}/";
};
in
{
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
# services.nginx.virtualHosts."${fqdn}" = {
# addSSL = true;
# root = "/var/www/myhost.org";
# default = true;
# };
virtualHosts."git.${fqdn}" = mkVhost {
locations."/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
};
};
}
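Review bot: `mkVhost` defaults to `forceSSL = false` and the `git.${fqdn}` vhost sets neither `addSSL` nor `enableACME`, so the Gitea login form, session cookies and HTTP git credentials are served in cleartext, while port 443 is opened in the firewall with no TLS vhost behind it. I would make the secure value the helper's default (`forceSSL = true;`, which needs a certificate source such as `enableACME` or `sslCertificate`/`sslCertificateKey`) and let the test host pass `forceSSL = false` explicitly, opening 443 only when a TLS vhost exists. Because Gitea is configured with `lfs.enable = true`, the proxy will probably also need a larger request body limit via `services.nginx.clientMaxBodySize`, otherwise large pushes are rejected with 413. The commented-out example sits inside `services.nginx` but is written with the full `services.nginx.virtualHosts` path, and `lib` is unused.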